Security Affairs

OCTOBER 13, 2024

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A cyber attack hit Iranian government sites and nuclear facilities Ransomware operators exploited Veeam Backup & Replication flaw CVE-2024-40711 in recent attacks GitLab fixed a critical flaw that could allow arbitrary CI/CD pipeline execution Iran an

Data breaches 118

Data breaches Cryptocurrency Cybercrime Artificial Intelligence 118

SecureWorld News

OCTOBER 13, 2024

Virtual reality (VR) technology has transformed how we experience digital environments. This technology simulates environments with striking realism, providing a highly immersive experience for users, and triggering their visual and auditory senses so they feel that they are truly in the moment in a virtual world. The emergence of artificial intelligence (AI) has also transcended these experiences.

Artificial Intelligence 109

Artificial Intelligence Technology Authentication Data preservation 109

Security Affairs

OCTOBER 13, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Over 300,000! GorillaBot: The New King of DDoS Attacks Hidden cryptocurrency mining and theft campaign affected over 28,000 users The Mongolian Skimmer: different clothes, equally dangerous Akira and Fog ransomware now exploit cri

Malware 124

Malware DDOS Cryptocurrency Education 124

Lohrman on Security

OCTOBER 13, 2024

Bad actors often take advantage of natural disasters, and especially hurricanes, in times of crisis. Hurricanes Helene and Milton pose significant new online threats, including misinformation and fraud.

Scams 278

Scams 278

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Penetration Testing

OCTOBER 13, 2024

A new analysis by security researcher Michael Stepankin (@artsploit) of the GitHub Security Lab (GHSL) has uncovered a critical vulnerability in pac4j, a widely-used Java security framework. This vulnerability, tracked... The post Popular Java Security Framework ‘pac4j’ Vulnerable to RCE (CVE-2023-25581) appeared first on Cybersecurity News.

Cybersecurity 97

Cybersecurity 97

The Hacker News

OCTOBER 13, 2024

The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region.

143

143

Security Boulevard

OCTOBER 13, 2024

Bad actors often take advantage of natural disasters, and especially hurricanes, in times of crisis. Hurricanes Helene and Milton pose significant new online threats, including misinformation and fraud. The post Misinformation, Online Scams Surging Following Historic Hurricanes appeared first on Security Boulevard.

Scams 121

Scams 121

Penetration Testing

OCTOBER 13, 2024

Microsoft has released new guidance to help organizations defend against Kerberoasting attacks, a growing threat to Active Directory (AD) environments. This cyberattack exploits the Kerberos authentication protocol to steal AD... The post Microsoft Issues Guidance to Combat Rising Kerberoasting Attacks appeared first on Cybersecurity News.

Authentication 109

Authentication Cybersecurity Technology 109

Zero Day

OCTOBER 13, 2024

Walmart's major sale on tech, home, toys, and more ahead of the holidays ends today. Don't miss these deals from Apple, Samsung, and more.

98

98

Penetration Testing

OCTOBER 13, 2024

A recent report from the Shadowserver Foundation has revealed a concerning number of Fortinet devices remain vulnerable to a critical remote code execution (RCE) vulnerability, despite patches being available for... The post Thousands of Fortinet Devices Remain Exposed to RCE CVE-2024-23113 Vulnerability appeared first on Cybersecurity News.

Cybersecurity 96

Cybersecurity 96

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Boulevard

OCTOBER 13, 2024

Executive Summary Researchers at the Spark Research Lab (University of Texas at Austin)1, under the supervision of Symmetry CEO Professor. The post ConfusedPilot: UT Austin & Symmetry Systems Uncover Novel Attack on RAG-based AI Systems appeared first on Symmetry Systems. The post ConfusedPilot: UT Austin & Symmetry Systems Uncover Novel Attack on RAG-based AI Systems appeared first on Security Boulevard.

94

94

Penetration Testing

OCTOBER 13, 2024

A high-severity vulnerability, tracked as CVE-2024-35202 and assigned a CVSS v3.0 base score of 7.5, has been disclosed in the Bitcoin Core software. Exploitation of this vulnerability permits remote attackers... The post Bitcoin Core Vulnerability (CVE-2024-35202) Enables Remote Node Crashes appeared first on Cybersecurity News.

Software 93

Software Cybersecurity 93

Security Boulevard

OCTOBER 13, 2024

What is the KCDPA? The Kentucky Consumer Data Protection Act (KCDPA) is a state-level privacy law designed to safeguard the personal information of Kentucky residents. Like other state privacy regulations, KCDPA sets rules for how businesses collect, use, store, and share consumer data. The law aims to ensure that individuals have greater control over their […] The post Kentucky Consumer Data Protection Act (KCDPA) appeared first on Centraleyes.

64

64

Penetration Testing

OCTOBER 13, 2024

GitHub has released security updates to address two vulnerabilities in GitHub Enterprise Server, one of which could allow attackers to bypass authentication and gain unauthorized access. The most severe vulnerability,... The post GitHub Enterprise Server Patches Critical Security Flaw – CVE-2024-9487 (CVSS 9.5) appeared first on Cybersecurity News.

Authentication 88

Authentication Cybersecurity 88

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Boulevard

OCTOBER 13, 2024

In the milestone 350th episode of the Shared Security Podcast, the hosts reflect on 15 years of podcasting, and the podcast’s evolution from its beginnings in 2009. They discuss the impact of a current hurricane on Florida, offering advice on using iPhone and Android satellite communication features during emergencies. The ‘Aware Much’ segment focuses on […] The post Emergency Satellite Messaging, Stagnation in User Cybersecurity Habits appeared first on Shared Security Podcast.

Cybersecurity 64

Cybersecurity Password Management Passwords Media 64

Penetration Testing

OCTOBER 13, 2024

Aazim Yaswant, a Malware Analyst at Zimperium, has published a comprehensive analysis of the latest TrickMo samples, revealing alarming new capabilities in this banking trojan. Originally disclosed by Cleafy in... The post Banking Trojan TrickMo Compromised 13,000 Devices, Now Steals Device Unlock Patterns and PINs appeared first on Cybersecurity News.

Banking 85

Banking Malware Cybersecurity 85

Centraleyes

OCTOBER 13, 2024

What is the KCDPA? The Kentucky Consumer Data Protection Act (KCDPA) is a state-level privacy law designed to safeguard the personal information of Kentucky residents. Like other state privacy regulations, KCDPA sets rules for how businesses collect, use, store, and share consumer data. The law aims to ensure that individuals have greater control over their personal information while holding organizations accountable for responsible data practices.

Data breaches 52

Data breaches Data collection Data privacy Risk 52

Penetration Testing

OCTOBER 13, 2024

A detailed technical analysis of DarkVision RAT by security researcher Muhammed Irfan V A at ThreatLabz has shed light on the evolution and growing sophistication of this remote access trojan... The post DarkVision RAT: The $60 Malware Threatening Your Data appeared first on Cybersecurity News.

Malware 54

Malware Cybersecurity 54

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Hacker's King

OCTOBER 13, 2024

Sub-domains play a vital role in how websites function, but they can also be points of vulnerability, posing significant security risks. Enter Subzy, a robust open-source tool designed to assist cybersecurity professionals in identifying live sub-domain takeover vulnerabilities before they can be exploited by malicious actors. In this article, we’ll take a close look at how Subzy operates.

DNS 52

DNS Penetration Testing Media Hacking 52

Penetration Testing

OCTOBER 13, 2024

In a detailed analysis by security researcher Daniel, a serious vulnerability in Zendesk’s email management system, tracked as CVE-2024-49193, has been revealed. This flaw exposes companies using Zendesk to a... The post $50,000 Bounty: Researcher Reveals Critical Zendesk Email Spoofing Flaw (CVE-2024-49193) appeared first on Cybersecurity News.

Cybersecurity 52

Cybersecurity 52

Trend Micro

OCTOBER 13, 2024

Trend Micro researchers have uncovered a surge of malicious activities involving a threat actor group that we track as Water Makara. This group is targeting enterprises in Brazil, deploying banking malware using obfuscated JavaScript to slip past security defenses.

Malware 130

Malware Security Defenses Phishing Banking 130

Penetration Testing

OCTOBER 13, 2024

A critical security vulnerability has been discovered and patched in Plane, a popular open-source project management tool. The vulnerability, identified as CVE-2024-47830 and assigned a CVSS score of 9.3, could... The post Plane Project Management Tool Patches Critical SSRF Flaw – CVE-2024-47830 (CVSS 9.3) appeared first on Cybersecurity News.

Cybersecurity 51

Cybersecurity 51

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Boulevard

OCTOBER 13, 2024

One of the biggest dilemmas for security teams is when to patch vulnerabilities. This is a classic “Patch-22” situation—patching immediately can be time-consuming and disruptive, but waiting leaves your organization exposed to cyber threats. It’s a tough balancing act between fixing vulnerabilities and maintaining business continuity. With cyberattacks evolving and becoming more frequent, waiting to […] The post Patch-22: The Catch of Waiting to Fix Cybersecurity Vulnerabilities appeared first

Cybersecurity 86

Cybersecurity Cyber threats 86

Troy Hunt

OCTOBER 13, 2024

It wasn't easy talking about the Muah.AI data breach. It's not just the rampant child sexual abuse material throughout the system (or at least requests for the AI to generate images of it), it's the reactions of people to it. The tweets justifying it on the basis of there being noo "actual" abuse, the characterisation of this being akin to "merely thoughts in someone's head", and following my recording of this video, the backlash from their users about any att

Artificial Intelligence 268

Artificial Intelligence Data breaches DDOS Internet 268

Security Boulevard

OCTOBER 13, 2024

Authors/Presenters:Vaibhav Singh, Tusher Chakraborty, Suraj Jog, Om Chabra, Deepak Vasisht, Ranveer Chandra Our sincere thanks to USENIX , and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center.

Internet 69

Internet Internet 69